The MSA Page

Administrative Simplification

(Title II, Subtitle F)

Effective date: January 1, 1997

  • Encourages the development of a health information system through the establishment of standards and requirements for electronic transmission of certain health information. Standards would apply to a health plan, a clearinghouse, or a health care provider, but only to the extent that the provider was conducting electronic transactions.
  • The Secretary of HHS could adopt standards for transactions and data elements to enable health information to be exchanged electronically. There are also standards for security of health information. The use of standards will apply to health plans, clearinghouses and only those health care providers who transmit health information in electronic form.

Definition of health plan

  • An individual or group plan that provides, or pays the cost of medical care. Such term includes the following:
  • Group health plans;
  • Health insurance issuers;
  • Health maintenance organizations;
  • Part A or B of the Medicare program;
  • The Medicaid program;
  • Medicare supplemental policies;
  • Long-term care policies;
  • Employee welfare benefit plans;
  • Other federal public plans; and
  • The Federal Employees Health Benefit Plan (FEHBP).


  • The Secretary will adopt standards for financial and administrative transactions and data elements exchanged electronically that are consistent with the goals of improving the operation of the health care system and reducing administrative costs.
  • Financial and administrative transactions would include claims, claims attachments, enrollment and disenrollment, eligibility, health care payment and remittance advice, premium payments, first report of injury, claims status, and referral certification and authorization.
  • The standards will provide for standard unique health identifiers for each individual, employer, health plan and health care provider for use in the health care system. When adopting identifier standards, the Secretary of HHS can consider multiple uses for identifiers such as social security numbers.
  • The Secretary would be required to establish security standards that:
    • Take into account the technical capabilities of record systems to maintain health information, the costs of security measures, the need for training persons with access to health information, the value of audit trails in computerized record systems used, and the needs and capabilities of small health care providers and rural health care providers; and
    • Ensure that a clearinghouse, if it is a part of a larger organization, has policies and security procedures which isolate the activities of such service to prevent unauthorized access to such information by the larger organization.
  • These standard requirements supersede state laws, except where the Secretary of HHS determines the state law is necessary to prevent fraud and abuse, ensure appropriate state regulation of insurance and health plans, or involves state reporting on health care delivery or costs. Another exception is if the state law relates to the privacy of health information.
  • There are penalties for failure to comply with standards. The standards adopted are prohibited from requiring disclosure of trade secrets or confidential commercial financial information by participants in the health information network.
  • The Secretary of HHS will have assistance from and rely upon the recommendations of the National Committee on Vital and Health Statistics and will consult with specified organizations prior to the adoption of standards. The specified groups are:
    • the National Uniform Billing Committee;
    • the National Uniform Claim Committee; and
    • the Working Group for Electronic Data Interchange.

Timetables for adoption of standards

  • The transactions, data elements of health information, security and privacy standards must be adopted by the Secretary no later than 18 months of enactment. Standards relating to claims attachments would be required to be adopted no later than 30 months.
  • Health plans could satisfy the transmission of information by directly transmitting standard data elements of health information or submitting nonstandard data elements to a clearinghouse for processing into standard data elements and transmission.
  • Health plans have 24 to months to implement the standards
  • Small health plans, determined by the Secretary of HHS, would be required to comply no later than 36 months after standards were adopted.

General penalties for failure to comply with standards and requirements

  • The Secretary of HHS would impose on any person who violates a provision under the law of not more than $100 for each such violation of a specific standard or requirement, except that the total amount imposed on the person would not exceed $25,000 during a calendar year.
  • A penalty would not be imposed if it was established that the person liable for the penalty did not know and by exercising reasonable diligence would not have known to be in violation. A penalty would not be imposed if:
    1. The failure to comply was due to reasonable cause and not willful neglect;
    2. The failure to comply was corrected during the 30-day period beginning on the first date the person liable for the penalty knows, or would have known, that the failure to comply occurred.

Wrongful disclosure of individually identified health information

  • Defines the offense of wrongful disclosure of individually identifiable health information as instances when a person who knowingly:
    • Uses or causes to be a unique health identifier violation of a provision of this law;
    • Obtains individually identifiable health information relating to an individual in violation of a provision in this law; or
    • Discloses individually identifiable health information to another person in violation of this law.
  • A person committing such an offense would be required to:
    • Be fined no more than $50,000, imprisoned no more than one year or both;
    • If the offense was committed under false pretenses, be fined not more than $100,000, imprisoned not more than five years, or both; and
    • If the offense was committed with intent to sell, transfer, or use individually identified health information for commercial advantage, personable gain, or malicious harm, fined no more than $250,000, imprisoned no more than 10 years, or both.

Changes in membership and duties of National Committee on Vital and Health Statistics

  • Would amend the membership and duties of the National Committee on Vital and Health Statistics and increase the number of members to 18.
  • The committee would be required to:
    1. Provide assistance and advice to the Secretary of HHS on issues related to health statistical and health information; help with complying with the requirements of the law;
    2. Study the issues related to the adoption of uniform data standards for patient medical record information and electronic exchange of such information;
    3. Report to the Secretary not later than four years after enactment of this law, and annually thereafter, recommendations and legislative proposals for such standards and electronic exchange;
    4. Be generally advising the Secretary of HHS and Congress on the status of future health information network; and
    5. No later than one year after enactment, to report to Congress, health care providers, health plans, and other entities using the health information network regarding:
      • the extent to which entities using the network were meeting the standards adopted and working together to form an integrated network that meets the needs of its users;
      • the extent to which entities were meeting the privacy and security standards, and the types of penalties assessed for non-compliance;
      • whether the federal and state governments were receiving information of sufficient quality to meet their responsibilities;
      • any problems that exist with implementation of the network; and
      • the extent to which timetables established by under this part of the law were being met.
  • The Secretary would submit detailed recommendations on standards with respect to the privacy of individually identifiable health information not later than 12 months. The recommendations would be required to address at least:
    • The rights an individual should have relating to individually identifiable health information;
    • The procedures that should be established for the exercise of such rights; and
    • The uses and disclosures of such information that should be authorized or required.
  • The Secretary would be required to consult with the Attorney General, and the National Committee on Vital and Health Statistics for carrying out this law. If Congress fails to enact privacy legislation, the Secretary is required to develop standards with respect to privacy of individually identifiable health information no later than 42 months.

[Next 3103 Summary Chapter]
[3103 Summary Index]

Council for Affordable Health Insurance
112 S. West St., Suite 400
Alexandria, VA 22314
(703) 836-6200
(703) 836-6550 (fax)

Web Site

[MSA Page Home]
Copyright 1996 by Physicians Who Care
All Rights Reserved.